Skip Navigation

A guide for open source software (OSS) security

6 minute read time

Evaluate open source software (OSS) security to ensure safe usage of software components in software development life cycles and software supply chains
Read More...

Enhancing software supply chain security: New Sonatype product capabilities

By Tara Flynn Condon on August 21, 2023 News and Views

3 minute read time

Sonatype announces the latest enhancements for Sonatype Repository Firewall, Sonatype Nexus Repository, and Sonatype Lifecycle.
Read More...

“Quoi...? feur” from meme to malware – PyPI package targets Windows with ‘NullRAT’ info-stealer

By Ax Sharma on July 17, 2023 PyPI

3 minute read time

A malicious PyPI package called ‘feur’ was caught by Sonatype’s automated malware detection systems
Read More...

A closer look: Differentiating software vulnerabilities and malware

By Aaron Linskens on July 11, 2023 vulnerabilities

7 minute read time

Vulnerabilities and malware in open source software pose significant threats to the security and integrity of your software supply chain
Read More...

Supply chain security inside and out

3 minute read time

Every organization needs to safeguard their SDLC. Take a look at two key aspects of ensuring external and internal security for your software supply chain.
Read More...

Protecting software developers from malware with AI/ML insights

By Mandeep Singh on April 20, 2023 featured

5 minute read time

Developer-targeted malware is a complex and difficult problem. A look at what tools and information are needed to reduce risk in your development pipeline.
Read More...

Sonatype Repository Firewall is an easy solution for a big problem

6 minute read time

Discover Sonatype Repository Firewall's AI-driven protection for SDLCs, blocking malicious components and ensuring a more secure software supply chain.
Read More...

Top 8 malicious attacks recently found on PyPI

13 minute read time

Eight malicious attacks on PyPI recently caught our Security Research Team's eye. Get the details about the actions and motivations of the attackers.
Read More...

Malware Monthly - January 2023

11 minute read time

January 2023's Malware Monthly covers malware that rejects virtual machines, Linux crypto miners, evasive variants of RAT mutants, and more.
Read More...